Question

A given access control system is based on the Bell-LaPadula model. The security levels, ordered from highest to lowest, are TOP SECRET, SECRET, CONFIDENTIAL and UNCLASSIFIED, and the categories are A, B and C. Assume that discretionary access control allows all accesses unless otherwise specified. Determine whether the requested access is allowed in each of the following cases. Provide a clear justification in terms of the properties of the Bell-LaPadula model.

a. User has label L_SM = (TOP SECRET, {A, C}) and wants to view a document whose security label is L_O = (SECRET, {B, C}).

b. User has label L_SM = (SECRET, {C}) and wants to view a document whose security label is L_O = (CONFIDENTIAL, {C}).

c. User has L_SM = (TOP SECRET, {A, C}) and wants to view a document whose security label is L_O = (CONFIDENTIAL, {A}).

d. User has L_SM = (UNCLASSIFIED, {A, B, C}) and wants to view a document whose label is L_O = (CONFIDENTIAL, {B}).

e. User with L_SM = (SECRET, {A, B}) wants to view a document X which has the security label L_OX = (SECRET, {A, B}), while simultaneously writing to a document Y with security label L_OY = (CONFIDENTIAL, {A}).

f. User with L_SM = (TOP SECRET, {A, B}) wishes to view a document X which has security label L_OX = (SECRET, {A}), while simultaneously writing to a document Y with L_OY = (SECRET, {A, B}).

g. User has a label L_SM = (CONFIDENTIAL, {A, C}) and wants to write to a document whose label is L_O = (CONFIDENTIAL, {B}).


Solution

The Bell-LaPadula model is a state machine model used for enforcing access control in government and military applications. It is based on two main properties: the Simple Security Property (no read up) and the *-property (no write down).

a. The user has a higher security level (TOP SECRET) than the document (SECRET), and the document's categories are a subset of the user's categories. Therefore, according to the Simple Security Property, the user is allowed to view the document.

b. The user has a higher security level (SECRET) than the document (CONFIDENTIAL), and the document's categories are a subset of the user's categories. Therefore, according to the Simple Security Property, the user is allowed to view the document.

c. The user has a higher security level (TOP SECRET) than the document (CONFIDENTIAL), and the document's categories are a subset of the user's categories. Therefore, according to the Simple Security Property, the user is allowed to view the document.

d. The user has a lower security level (UNCLASSIFIED) than the document (CONFIDENTIAL), regardless of the categories. Therefore, according to the Simple Security Property, the user is not allowed to view the document.

e. The user has the same security level as document X (SECRET), and the categories match, so the user can view document X. However, the user is trying to write to document Y, which has a lower security level (CONFIDENTIAL). According to the *-property, the user is not allowed to write to a lower security level, so this access is not allowed.

f. The user has a higher security level (TOP SECRET) than both documents (SECRET), and the documents' categories are subsets of the user's categories. Therefore, the user is allowed to view document X. However, when writing to document Y, the user is writing to the same security level, which is allowed according to the *-property.

g. The user has the same security level as the document (CONFIDENTIAL), but the document's category B is not a subset of the user's categories {A, C}. Therefore, the user is not allowed to write to the document.
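
The two properties named above can be expressed as one dominance test over (level, category set) labels. The following is an added example, not part of the original solution: it uses the question's level ordering and categories, assumes the subject acts at the level of its own label, and runs on constructed labels rather than cases a to g. The names `label`, `dominates` and `violations` are hypothetical helpers.

```python
from dataclasses import dataclass

# Level order (lowest to highest) and category universe, as given in the question.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
CATEGORIES = frozenset("ABC")

@dataclass(frozen=True)
class Label:
    level: str
    cats: frozenset

def label(level, cats=""):
    """Build a validated label; `cats` is a string of category letters."""
    cats = frozenset(cats)
    if level not in LEVELS or not cats <= CATEGORIES:
        raise ValueError(f"unknown level or category: {level!r}, {sorted(cats)}")
    return Label(level, cats)

def dominates(hi, lo):
    """hi dominates lo: hi's level is at least lo's AND hi holds all of lo's categories."""
    return LEVELS.index(hi.level) >= LEVELS.index(lo.level) and lo.cats <= hi.cats

def violations(subject, reads=(), writes=()):
    """Check simultaneous accesses; an empty list means the request is allowed."""
    found = []
    for obj in reads:   # Simple Security Property: subject must dominate the object
        if not dominates(subject, obj):
            found.append(("no read up", obj))
    for obj in writes:  # *-property: the object must dominate the subject
        if not dominates(obj, subject):
            found.append(("no write down", obj))
    return found

# Constructed labels for illustration (assumptions, not the question's cases).
SUBJECT = label("SECRET", "AB")
LOWER_SAME_CATS = label("CONFIDENTIAL", "A")
LOWER_OTHER_CAT = label("UNCLASSIFIED", "C")  # lower level, category the subject lacks
HIGHER_ALL_CATS = label("TOP SECRET", "ABC")
SAME_LEVEL_FEWER = label("SECRET", "A")       # same level, missing category B

if __name__ == "__main__":
    cases = {
        "read lower level, held category": ([LOWER_SAME_CATS], []),
        "read lower level, category not held": ([LOWER_OTHER_CAT], []),
        "write to higher level, superset categories": ([], [HIGHER_ALL_CATS]),
        "write to same level, fewer categories": ([], [SAME_LEVEL_FEWER]),
    }
    for name, (reads, writes) in cases.items():
        print(f"{name}: {violations(SUBJECT, reads, writes) or 'allowed'}")
```

Dominance is a partial order, so two labels can be incomparable: neither a read nor a write passes unless both the level comparison and the category subset test hold in the required direction.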
